#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2016 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

mkdir -p $TESTDIR $DBDIR1

echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFWHOAMI
RC=$?
if test $RC != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

echo "Starting slapd on TCP/IP port $PORT..."
. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $CONF1
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
    echo PID $PID
    read foo
fi
KILLPIDS="$PID"

sleep 1

echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

echo "Testing ldapwhoami as anonymous..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Testing ldapwhoami as ${MANAGERDN}..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Testing ldapwhoami as ${MANAGERDN} for anonymous..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
	-e \!authzid=""

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Testing ldapwhoami as ${MANAGERDN} for dn:$BABSDN..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
	-e \!authzid="dn:$BABSDN"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
	-e \!authzid="u:uham"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# authzFrom: someone else => bjorn
echo "Testing authzFrom..."

BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjensen
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=melliot
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=jen
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=jjones
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=noone
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=dots
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=jaj
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=ITD Staff,ou=Groups,dc=example,dc=com"
BINDPW=ITD
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=Should Fail,dc=example,dc=com"
BINDPW=fail
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
case $RC in 
1)
	;;
0)
	echo "ldapwhoami should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

BINDDN="cn=Must Fail,dc=example,dc=com"
BINDPW=fail
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
case $RC in 
1)
	;;
0)
	echo "ldapwhoami should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# authzTo: bjorn => someone else
echo "Testing authzTo..."

BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:bjensen"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:melliot"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:jdoe"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:jjones"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:noone"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:dots"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:jaj"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:group/itd staff"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:fail"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
case $RC in 
1)
	;;
0)
	echo "ldapwhoami should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="dn:cn=Should Fail,dc=example,dc=com"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
case $RC in 
1)
	;;
0)
	echo "ldapwhoami should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="dn:cn=don't!"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 1 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

BINDDN="dc=example,dc=com"
BINDPW=example
AUTHZID="dn:"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
	-e \!authzid="$AUTHZID"

RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

test $KILLSERVERS != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0

## Note to developers: when SLAPD_DEBUG=-1 the command
## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log
## must return the sequence 1 2 3 4 5 6 7 8 8 8 1 2 3 4 5 6 7 8 8 8 8 1
## to indicate that the authzFrom and authzTo rules applied in the right order.
